Malware (en)

ClamAV (en)

Information Retrieval Algorithms Behind AntiVirus, Part 2 - Boyer–Moore (BM) & Wu-Manber (WM)

Using ClamAV as a reference, this article summarizes the Boyer–Moore (BM) and Wu-Manber (WM) algorithms, the string-matching algorithms behind AntiVirus signature scanning.

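As an added example (not code from the article or from ClamAV's matcher-bm.c), the two shift-table ideas the entry above covers: Boyer–Moore's bad-character rule in its Horspool form for a single pattern, and Wu-Manber's block-indexed SHIFT/HASH tables for a whole set of patterns. The only input is the public EICAR test string, embedded as a constructed sample; the pattern set and the block size of 2 are assumptions for the demonstration.

```python
"""Boyer-Moore-Horspool (single pattern) and Wu-Manber (multi-pattern) over bytes.

Added example, not ClamAV's own matcher: the point is the shift table, which
lets a scanner skip most bytes of a file instead of testing every offset.
"""
from collections import defaultdict

# The public EICAR test string (constructed test input, 68 bytes).
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def horspool_search(text: bytes, pattern: bytes) -> list[int]:
    """Boyer-Moore with the bad-character rule only (Horspool's simplification).

    The window is compared with a slice comparison; what matters is the shift:
    the byte under the window's last position decides how far it may slide.
    """
    m = len(pattern)
    # Distance from the rightmost occurrence of each byte (final byte excluded)
    # to the end of the pattern; a byte absent from the pattern allows a jump of m.
    shift = {pattern[i]: m - 1 - i for i in range(m - 1)}
    hits, pos = [], 0
    while pos + m <= len(text):
        if text[pos:pos + m] == pattern:
            hits.append(pos)
        pos += shift.get(text[pos + m - 1], m)
    return hits


def build_wu_manber(patterns, block=2):
    """SHIFT and HASH tables of Wu-Manber for a set of patterns.

    Only the first m bytes of each pattern (m = shortest pattern length) take
    part, and SHIFT is indexed by `block`-byte substrings instead of single
    bytes, which keeps the jumps large even when many signatures share bytes.
    """
    m = min(len(p) for p in patterns)
    if m < block:
        raise ValueError("every pattern must be at least `block` bytes long")
    # A block that ends no pattern prefix anywhere lets the window jump m-block+1.
    shift = defaultdict(lambda: m - block + 1)
    table = defaultdict(list)  # final block of a prefix -> candidate patterns
    for p in patterns:
        prefix = p[:m]
        for end in range(block - 1, m):
            blk = prefix[end - block + 1:end + 1]
            # The block ending at `end` is still m-1-end bytes short of the
            # window end, so the window may move at most that far.
            shift[blk] = min(shift[blk], m - 1 - end)
        table[prefix[m - block:]].append(p)
    return m, shift, table


def wu_manber_search(text: bytes, patterns, block=2):
    """Return (offset, pattern) for every occurrence of any pattern in text."""
    m, shift, table = build_wu_manber(list(patterns), block)
    hits = []
    pos = m - 1  # index of the last byte of the current window
    while pos < len(text):
        blk = text[pos - block + 1:pos + 1]
        jump = shift[blk]
        if jump == 0:
            # The window's last block ends some pattern prefix: verify the
            # full patterns that end in this block, then advance by one.
            start = pos - m + 1
            for p in table[blk]:
                if text.startswith(p, start):
                    hits.append((start, p))
            jump = 1
        pos += jump
    return hits


if __name__ == "__main__":
    print(horspool_search(EICAR, b"EICAR"))
    print(wu_manber_search(EICAR, [b"EICAR", b"TEST-FILE", b"H+H*", b"NOTHERE"]))
```

With four patterns of minimum length 4 and a block size of 2, the scan above touches roughly one byte in three of the EICAR string before it reaches a window whose last block ends a pattern prefix, which is where the verification step runs.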
ClamAV (en)

Information Retrieval Algorithms Behind AntiVirus, Part 1 - The Aho–Corasick Algorithm

Using ClamAV as a reference, this article summarizes the Aho–Corasick algorithm, the multi-pattern string-matching algorithm that underpins AntiVirus signature scanning.

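As an added example (not code from the article or from ClamAV's matcher-ac.c), a minimal Aho–Corasick automaton over bytes: the trie of all patterns plus failure links, so a single left-to-right pass reports every occurrence of every pattern without ever rewinding the input. The EICAR test string is embedded as a constructed sample; the pattern set is an assumption for the demonstration.

```python
"""Aho-Corasick: one pass over the data finds every occurrence of every pattern.

Added example, not ClamAV's own matcher.  The trie of all patterns is extended
with failure links, so a mismatch never rewinds the input; the scan cost is
linear in the file size regardless of how many patterns are loaded.
"""
from collections import deque

# The public EICAR test string (constructed test input, 68 bytes).
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


class AhoCorasick:
    def __init__(self, patterns):
        self.goto = [{}]   # state -> {byte: next state}
        self.fail = [0]    # state -> state to fall back to on a mismatch
        self.out = [[]]    # state -> patterns that end in this state
        for p in patterns:
            self._insert(p)
        self._link_failures()

    def _insert(self, pattern: bytes) -> None:
        state = 0
        for b in pattern:
            nxt = self.goto[state].get(b)
            if nxt is None:
                nxt = len(self.goto)
                self.goto.append({})
                self.fail.append(0)
                self.out.append([])
                self.goto[state][b] = nxt
            state = nxt
        self.out[state].append(pattern)

    def _link_failures(self) -> None:
        """Breadth-first over the trie: fail[s] is the longest proper suffix of
        s's path that is itself a path from the root; s inherits its outputs."""
        queue = deque(self.goto[0].values())   # depth-1 states fail to the root
        while queue:
            r = queue.popleft()
            for b, s in self.goto[r].items():
                f = self.fail[r]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(b, 0)
                self.out[s] = self.out[s] + self.out[self.fail[s]]
                queue.append(s)

    def search(self, data: bytes):
        """Return (offset, pattern) for every match, in order of match end."""
        hits, state = [], 0
        for i, b in enumerate(data):
            while state and b not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(b, 0)
            for p in self.out[state]:
                hits.append((i - len(p) + 1, p))
        return hits


if __name__ == "__main__":
    ac = AhoCorasick([b"EICAR", b"TEST", b"TEST-FILE", b"CAR", b"H+H*"])
    print(ac.search(EICAR))
```

The output inheritance in `_link_failures` is what makes overlapping patterns work: reaching the end of `EICAR` also reports `CAR`, and `TEST` is reported before the longer `TEST-FILE` completes.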
ClamAV (en)

Notes on How clamscan Works Before It Performs a File Scan (unfinished)

These are notes on how clamscan works before it performs a file scan (unfinished).

ClamAV (en)

Notes on Tracing the ClamAV Scan Process Until the EICAR Test File Is Detected

Notes on tracing the scan behavior in ClamAV from invocation to detection of the EICAR test file.

ClamAV (en)

ClamAV On-Access Scanning with fanotify - Learning AntiVirus on Linux Through OSS

This article briefly explains fanotify, the Linux kernel's filesystem event notification API that AntiVirus software for Linux uses for real-time (On-Access) file scanning.

ClamAV (en)

How to Enable Debug Tracing for Bytecode Signatures in libclamav

This article summarizes how to enable debug tracing for bytecode signatures in libclamav.

ClamAV (en)

HITCON CTF 2024 Writeup — AntiVirus (Rev)

HITCON CTF 2024 Writeup — Reverse-engineering a ClamAV bytecode signature file

ClamAV (en)

Learning ClamAV Signature Creation and Analysis Through CTF

A summary of ClamAV signature syntax and analysis methods, using the SECCON CTF 2022 "Devil Hunter" challenge as the running example.

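As an added example serving both the EICAR-tracing entry and the signature-syntax entry above (this is not libclamav's parser and the signatures are not the one shipped in ClamAV's databases), a matcher for a subset of the `.ndb` extended hex signature format, `MalwareName:TargetType:Offset:HexSignature`. It handles the wildcards `??`, `*`, `{n}`, `{n-m}`, `{-m}`, `{n-}` and `(aa|bb)` by compiling the body into a regex over bytes. Assumptions: the target-type field is parsed but not enforced (0 = any file), only the offsets `*`, an absolute integer and `EOF-n` are supported, and the signatures in `CONSTRUCTED_SIGS` are made up to exercise each feature against the public EICAR test string.

```python
"""Matcher for a subset of ClamAV's .ndb (extended hex) signature syntax.

Added example; this is not libclamav's parser.  A hex signature body is
compiled into a bytes regex; the signature line's offset field decides where
that regex is applied.
"""
import re

# The public EICAR test string (constructed test input, 68 bytes).
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed signatures for the demonstration (not ClamAV's own Eicar signature).
CONSTRUCTED_SIGS = [
    "Eicar.Example.A:0:*:45494341522d??54414e44415244",   # "EICAR-" ?? "TANDARD", anywhere
    "Eicar.Example.B:0:0:58354f21{20-30}4549434152",       # "X5O!" 20-30 bytes "EICAR", at offset 0
    "Eicar.Example.C:0:*:(4e4f|48)2b48(2a|21)",            # ("NO"|"H") "+H" ("*"|"!"), anywhere
    "Eicar.Example.D:0:EOF-4:482b482a",                    # "H+H*" exactly 4 bytes before EOF
    "Eicar.Example.E:0:*:58354f21*46494c4521",             # "X5O!" ... "FILE!", anywhere
    "Eicar.Example.F:0:*:4549434152{-3}54455354",          # "EICAR" <=3 bytes "TEST": no match
]

_TOKEN = re.compile(
    r"\{(?P<lo>\d*)(?P<dash>-?)(?P<hi>\d*)\}"   # {n} {n-m} {-m} {n-}
    r"|(?P<star>\*)"                            # any number of bytes
    r"|(?P<any>\?\?)"                           # exactly one byte
    r"|\((?P<alt>(?:[0-9a-fA-F]{2})+(?:\|(?:[0-9a-fA-F]{2})+)+)\)"  # (aa|bbcc)
    r"|(?P<hex>[0-9a-fA-F]{2})"                 # one literal byte
)


def hexsig_to_regex(hexsig: str) -> bytes:
    """Translate one hex signature body into an equivalent bytes regex."""
    parts, pos = [], 0
    for tok in _TOKEN.finditer(hexsig):
        if tok.start() != pos:
            raise ValueError(f"unsupported syntax at {pos}: {hexsig[pos:]!r}")
        pos = tok.end()
        if tok.group("hex"):
            parts.append(re.escape(bytes.fromhex(tok.group("hex"))))
        elif tok.group("any"):
            parts.append(b".")
        elif tok.group("star"):
            parts.append(b".*?")
        elif tok.group("alt"):
            alts = [re.escape(bytes.fromhex(a)) for a in tok.group("alt").split("|")]
            parts.append(b"(?:" + b"|".join(alts) + b")")
        else:
            lo, dash, hi = tok.group("lo"), tok.group("dash"), tok.group("hi")
            if not dash:                       # {n}: exactly n bytes
                if not lo:
                    raise ValueError("empty {} wildcard")
                parts.append(b".{%d}" % int(lo))
            else:                              # {n-m}, {-m}, {n-}: a byte range
                parts.append(b".{%s,%s}?" % ((lo or "0").encode(), hi.encode()))
    if pos != len(hexsig):
        raise ValueError(f"unsupported syntax at {pos}: {hexsig[pos:]!r}")
    return b"".join(parts)


def match_ndb(line: str, data: bytes):
    """Apply one .ndb line to data; return (name, offset) on a hit, else None.

    Trailing optional fields (MinFL:MaxFL) are ignored; the target type is not
    enforced in this example.
    """
    name, _target, offset, hexsig = line.strip().split(":")[:4]
    pattern = re.compile(hexsig_to_regex(hexsig), re.DOTALL)  # '.' must match any byte
    if offset == "*":                           # anywhere in the file
        hit = pattern.search(data)
    elif offset.startswith("EOF-"):             # fixed distance before end of file
        start = len(data) - int(offset[4:])
        hit = pattern.match(data, start) if start >= 0 else None
    else:                                       # absolute offset from start of file
        hit = pattern.match(data, int(offset))
    return (name, hit.start()) if hit else None


if __name__ == "__main__":
    for sig in CONSTRUCTED_SIGS:
        print(sig.split(":")[0], "->", match_ndb(sig, EICAR))
```

Two details matter when reading real signatures against this model: `re.DOTALL` is required because a wildcard byte may be `0x0a`, and an anchored offset uses `match` at that position rather than `search`, so a body that occurs elsewhere in the file does not count.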
ClamAV (en)

Summary of Building ClamAV from Source Code and Setting Up OnAccessScan

Summary of the steps to build ClamAV from source code and set up OnAccessScan.

Windows (en)

Enumerating Process Information on the System with the Win32 API

I tried enumerating process information on the system using the Win32 API.

Malware (en)

Fixing Noriben's PML File Loading Error and CSV Creation Failure in FlareVM

This article explains how to resolve the issue where Noriben fails to load its Process Monitor (PML) log and to create its CSV report in FlareVM 3.1, the malware analysis and forensics distribution I recently set up.

Malware (en)

Installing FlareVM 3.1 Malware Analysis Distribution on Windows 10

This article documents the setup process for FLARE VM, a Windows distribution designed for malware analysis.
